
Cyber Security Forensics and Incident Response Analyst

Job Description

Posted on: November 18, 2024

Summary and company overview

The Bosch Group operates in most countries in the world. With over 400,000 associates, a career at Bosch offers a chance to grow an exceptional career in an environment that values diversity, initiative, and a drive for results. If you are interested in working on the cutting edge of technology, working at Bosch Research is the place for you!

Responsibilities

  • Must be willing and able to travel occasionally to Stuttgart, Germany (5-10% travel in a year)
  • Help define requirements and identify gaps for performing remote compromise assessments
  • Capture forensic artifacts such as memory and disk images
  • Lead remote compromise assessments and produce final assessment reports
  • Perform live box and dead box forensics to identify compromise and attack vector
  • Provide input for Security Operations Center (SOC) improvement and identify visibility gaps for enterprise monitoring
  • Collect network intrusion artifacts (e.g., PCAP, domains, URIs, certificates, etc.) and use discovered data to enable mitigation of potential incidents
  • Collect network device integrity data and analyze for signs of tampering or compromise
  • Analyze identified malicious network and system log activity to determine weaknesses exploited, exploitation methods, effects on system and information
  • Track and document incident response activities and provide updates to leadership through executive summaries and in-depth technical reports
  • Plan, coordinate and direct the inventory, examination and comprehensive technical analysis of computer related evidence
  • Serve as technical forensics liaison to stakeholders and explain investigation details
  • You will work in the Security Incident Response Team (SIRT) to build, develop, and operate a SIRT that will allow us to quickly identify, respond, and protect against threats to our global infrastructure
  • You will assist and/or lead investigations in active security incident scenarios, supporting the organization through the Incident Response lifecycle
  • You will work across functions to identify new and emerging threats and work to develop detection alarms and workflows to assist in future identification and response
  • Provide expertise in the triage and identification of potential security incidents
  • Develop and create alarms, dashboards, and workflows to allow quicker and more efficient insight into security events
  • Identify residual risk through security monitoring and instigate security-focused projects to remediate root cause issues
  • Proactively hunt threats in our environment, identify new risk areas, and develop methods for us to proactively address these threats
  • Coordinate containment, eradication, and recovery actions for high priority on-premises cybersecurity incidents and cloud cybersecurity incidents
  • Research security trends and recommend security tool optimization
  • Provide training, mentoring, and subject matter expertise for Security Operations Center (SOC) staff
  • Execute the incident response plan, ensuring cross-functional teams operate functionally and efficiently through incident response scenarios
  • Draft, maintain, and communicate incident reports for an executive audience

Job Requirements

Required Qualifications

  • Must be willing and able to travel occasionally to Stuttgart, Germany (5-10% travel in a year)

Preferred Qualifications

  • CVE certification
  • Have presented at a security conference such as DefCon, BlackHat, RSA Conference, etc.
  • Have at least one of the following certifications: SANS GIAC: GCIA, GCFA, GPEN, GWAPT, GCFE, GREM, GXPN, GMON, GISF, or GCIH; ISC2: CCFP, CCSP, CISSP; CERT: CSIH; EC Council: CHFI, LPT, ECSA; Offensive Security: OSCP, OSCE, OSWP and OSEE; Defense Cyber Investigative Training Academy: FTK WFE-FTK, CIRC, WFE-E-CI, FIW
  • Have experience building security utilities and tools for internal use that enable you and your fellow Security Engineers to operate at high speed and wide scale
  • Have broad and deep technical knowledge, specifically in the fields of cryptography, network security, software security, malware analysis, forensics, security operations, incident response, and emergent security intelligence
  • Have demonstrated experience in security analytics including security and machine learning, applications of data mining to security, intrusion detection, anomaly detection, network security, etc.
  • You are intellectually curious with a genuine desire to learn and advance your career.
  • You are a critical thinker with excellent problem-solving skills
  • Have knowledge of the Spanish or Portuguese language
  • Experience operating in an international environment.
  • Conduct malware analysis using static and dynamic methodologies (e.g., debuggers [OllyDbg], disassemblers [IDA Pro], sandbox execution, etc.)
  • Produce malware reports to disseminate to the watch floor and enterprise

Additional commentary

BOSCH is a proud supporter of STEM (Science, Technology, Engineering & Mathematics) Initiatives

FIRST Robotics (For Inspiration and Recognition of Science and Technology)

AWIM (A World In Motion)

By choice, we are committed to a diverse workforce – EOE/Protected Veteran/Disabled.

For more information on our culture and benefits, please visit: Culture and Benefits | Bosch in the USA

The U.S. base salary range for this full-time position is $125,000 - $140,000. Within the range, individual pay is determined based on several factors, including, but not limited to, work experience and job knowledge, complexity of the role, job location, etc. Your Recruiter can share more details about the specific salary range for this position during the interview process.

In addition to your base salary, Bosch offers a comprehensive benefits package that includes health, dental, and vision plans; health savings accounts (HSA); flexible spending accounts; 401(K) retirement plan with an attractive employer match; wellness programs; life insurance; short and long term disability insurance; paid time off; parental leave, adoption assistance; and reimbursement of education expenses. Learn more about our full benefits offerings by visiting: https://www.myboschbenefits.com/public/welcome. Pay ranges included in the postings generally reflect base salary; certain positions may include bonus, commission, or additional benefits.
